1. The Field of the Invention
The present invention relates to network authentication technology. More specifically, the present invention relates to mechanisms in which authentication responsibility in a protocol-based sphere of trust is distributed and delegated throughout the sphere of trust.
2. Background and Related Art
Never before have so many had access to so much information, and never before have so many had the ability to readily communicate as they do now. This new era of highly advanced communication and information access is largely enabled by the advancement and proliferation of computer networks throughout the globe. Any individual having access to an Internet-enabled computing system may communicate with (or access resources from) any one of millions of other similarly-enabled computing systems (and potentially also their associated users). While this is certainly advantageous when behavior is appropriate, there is also the unfortunate opportunity to cause harm.
In order to mitigate harm caused in such a network environment, access to more highly sensitive network resources is controlled so that only certain computing systems or users may access those network resources. In order to identify a computing system and thereby make intelligent decisions on whether or not to grant access, it is necessary to determine the true identity of the computing system requesting access. Proper identification is accomplished in a common network process called “authentication”.
One environment in which authentication is implemented is when a computing system that is external to a common sphere of trust is to communicate with a computing system that is internal to the common sphere of trust. One type of sphere of trust is a protocol-based sphere of trust in which the internal computing systems within the sphere of trust trust each other with regard to communications that follow a particular protocol, but not necessarily with regard to other types of communications.
If there are a large number of computing systems within the sphere of trust, and a large number of external computing systems that may desire to communicate with any one of the internal computing systems, each internal computing system would need to be ready to authenticate a large number of external computing systems. In order to prevent repeated requests for credentials, the server maintains state. As the total number of users who send requests to the server increases, the amount of state maintained on the server can increase substantially. Even if certificate-based authentication were not employed, the sheer number of external computing systems that each internal computing system may need to authenticate may overwhelm the memory and processing resources of the internal computing system.
Accordingly, what would be advantageous is an authentication mechanism applicable to a protocol-based sphere of trust in which reliable authentication may occur while preserving the memory and processing resources of the internal and external computing systems.